Skip to content

Commit

Permalink
Merge pull request #3855 from mavasani/FI_2_9_x
Browse files Browse the repository at this point in the history 
Merge 2.9.x into master
  • Loading branch information
@mavasani
mavasani committed Jul 14, 2020
2 parents 194d144 + 2d4de12 commit 303d517
Show file tree
Hide file tree
Showing 56 changed files with 5,010 additions and 68 deletions.
16 changes: 12 additions & 4 deletions src/Microsoft.CodeAnalysis.FxCopAnalyzers/Microsoft.CodeAnalysis.FxCopAnalyzers.md
View file

Large diffs are not rendered by default.

177 changes: 173 additions & 4 deletions src/Microsoft.CodeAnalysis.FxCopAnalyzers/Microsoft.CodeAnalysis.FxCopAnalyzers.sarif
View file
Original file line number Diff line number Diff line change
Expand Up @@ -156,7 +156,7 @@
},
"CA1012": {
"id": "CA1012",
"shortDescription": "Abstract types should not have constructors",
"shortDescription": "Abstract types should not have public constructors",
"fullDescription": "Constructors on abstract types can be called only by derived types. Because public constructors create instances of a type, and you cannot create instances of an abstract type, an abstract type that has a public constructor is incorrectly designed.",
"defaultLevel": "warning",
"helpUri": "https://docs.microsoft.com/visualstudio/code-quality/ca1012",
Expand Down Expand Up @@ -971,7 +971,7 @@
"CA1508": {
"id": "CA1508",
"shortDescription": "Avoid dead conditional code",
"fullDescription": "'{0}' is always '{1}'. Remove or refactor the condition(s) to avoid dead code.",
"fullDescription": "'{0}' is never '{1}'. Remove or refactor the condition(s) to avoid dead code.",
"defaultLevel": "warning",
"helpUri": "https://docs.microsoft.com/visualstudio/code-quality/ca1508",
"properties": {
Expand Down Expand Up @@ -1350,7 +1350,7 @@
"CA1805": {
"id": "CA1805",
"shortDescription": "Do not initialize unnecessarily",
"fullDescription": "The common language runtime initializes all fields to their default values before running the constructor. In most cases, initializing a field to its default value in a constructor is redundant, which adds to maintenance costs and may degrade performance (such as with increased assembly size). One case where it is not redundant occurs when the constructor calls another constructor of the same class or a base class constructor and that constructor initializes the field to a non-default value. In this case, changing the value of the field back to its default value can be appropriate.",
"fullDescription": "The .NET runtime initializes all fields of reference types to their default values before running the constructor. In most cases, explicitly initializing a field to its default value in a constructor is redundant, adding maintenance costs and potentially degrading performance (such as with increased assembly size), and the explicit initialization can be removed. In some cases, such as with static readonly fields that permanently retain their default value, consider instead changing them to be constants or properties.",
"defaultLevel": "warning",
"helpUri": "https://docs.microsoft.com/visualstudio/code-quality/ca1805",
"properties": {
Expand Down Expand Up @@ -2558,7 +2558,7 @@
},
"CA1835": {
"id": "CA1835",
"shortDescription": "Prefer the 'Memory'-based overloads for 'ReadAsync' and 'WriteAsync'.",
"shortDescription": "Prefer the 'Memory'-based overloads for 'ReadAsync' and 'WriteAsync'",
"fullDescription": "'Stream' has a 'ReadAsync' overload that takes a 'Memory<Byte>' as the first argument, and a 'WriteAsync' overload that takes a 'ReadOnlyMemory<Byte>' as the first argument. Prefer calling the memory based overloads, which are more efficient.",
"defaultLevel": "warning",
"helpUri": "https://docs.microsoft.com/visualstudio/code-quality/ca1835",
Expand Down Expand Up @@ -3382,6 +3382,139 @@
]
}
},
"CA2350": {
"id": "CA2350",
"shortDescription": "Do not use insecure deserialization with DataTable.ReadXml()",
"fullDescription": "The method '{0}' is insecure when deserializing untrusted data. If deserializing untrusted data, replace with TBD.",
"defaultLevel": "warning",
"helpUri": "https://docs.microsoft.com/visualstudio/code-quality/ca2350",
"properties": {
"category": "Security",
"isEnabledByDefault": false,
"typeName": "DoNotUseDataTableReadXml",
"languages": [
"C#",
"Visual Basic"
],
"tags": [
"Telemetry"
]
}
},
"CA2351": {
"id": "CA2351",
"shortDescription": "Do not use insecure deserialization with DataSet.ReadXml()",
"fullDescription": "The method '{0}' is insecure when deserializing untrusted data. If deserializing untrusted data, replace with TBD.",
"defaultLevel": "warning",
"helpUri": "https://docs.microsoft.com/visualstudio/code-quality/ca2351",
"properties": {
"category": "Security",
"isEnabledByDefault": false,
"typeName": "DoNotUseDataSetReadXml",
"languages": [
"C#",
"Visual Basic"
],
"tags": [
"Telemetry"
]
}
},
"CA2352": {
"id": "CA2352",
"shortDescription": "Unsafe DataSet or DataTable in serializable type can be vulnerable to remote code execution attacks",
"fullDescription": "When deserializing untrusted input with an IFormatter-based serializer, deserializing a {0} object is insecure. '{1}' either is or derives from {0}.",
"defaultLevel": "warning",
"helpUri": "https://docs.microsoft.com/visualstudio/code-quality/ca2352",
"properties": {
"category": "Security",
"isEnabledByDefault": false,
"typeName": "DataSetDataTableInSerializableTypeAnalyzer",
"languages": [
"C#",
"Visual Basic"
],
"tags": [
"Telemetry"
]
}
},
"CA2353": {
"id": "CA2353",
"shortDescription": "Unsafe DataSet or DataTable in serializable type",
"fullDescription": "When deserializing untrusted input, deserializing a {0} object is insecure. '{1}' either is or derives from {0}.",
"defaultLevel": "warning",
"helpUri": "https://docs.microsoft.com/visualstudio/code-quality/ca2353",
"properties": {
"category": "Security",
"isEnabledByDefault": false,
"typeName": "DataSetDataTableInSerializableTypeAnalyzer",
"languages": [
"C#",
"Visual Basic"
],
"tags": [
"Telemetry"
]
}
},
"CA2354": {
"id": "CA2354",
"shortDescription": "Unsafe DataSet or DataTable in deserialized object graph can be vulnerable to remote code execution attacks",
"fullDescription": "When deserializing untrusted input, deserializing a {0} object is insecure. '{1}' either is or derives from {0}.",
"defaultLevel": "warning",
"helpUri": "https://docs.microsoft.com/visualstudio/code-quality/ca2354",
"properties": {
"category": "Security",
"isEnabledByDefault": false,
"typeName": "DataSetDataTableInIFormatterSerializableObjectGraphAnalyzer",
"languages": [
"C#",
"Visual Basic"
],
"tags": [
"Telemetry"
]
}
},
"CA2355": {
"id": "CA2355",
"shortDescription": "Unsafe DataSet or DataTable type found in deserializable object graph",
"fullDescription": "When deserializing untrusted input, deserializing a {0} object is insecure. '{1}' either is or derives from {0}.",
"defaultLevel": "warning",
"helpUri": "https://docs.microsoft.com/visualstudio/code-quality/ca2355",
"properties": {
"category": "Security",
"isEnabledByDefault": false,
"typeName": "DataSetDataTableInSerializableObjectGraphAnalyzer",
"languages": [
"C#",
"Visual Basic"
],
"tags": [
"Telemetry"
]
}
},
"CA2356": {
"id": "CA2356",
"shortDescription": "Unsafe DataSet or DataTable type in web deserializable object graph",
"fullDescription": "When deserializing untrusted input, deserializing a {0} object is insecure. '{1}' either is or derives from {0}.",
"defaultLevel": "warning",
"helpUri": "https://docs.microsoft.com/visualstudio/code-quality/ca2356",
"properties": {
"category": "Security",
"isEnabledByDefault": false,
"typeName": "DataSetDataTableInWebSerializableObjectGraphAnalyzer",
"languages": [
"C#",
"Visual Basic"
],
"tags": [
"Telemetry"
]
}
},
"CA3001": {
"id": "CA3001",
"shortDescription": "Review code for SQL injection vulnerabilities",
Expand Down Expand Up @@ -4635,6 +4768,24 @@
"Telemetry"
]
}
},
"CA2016": {
"id": "CA2016",
"shortDescription": "Forward the 'CancellationToken' parameter to methods that take one",
"fullDescription": "Forward the 'CancellationToken' parameter to methods that take one to ensure the operation cancellation notifications gets properly propagated, or pass in 'CancellationToken.None' explicitly to indicate intentionally not propagating the token.",
"defaultLevel": "warning",
"helpUri": "https://docs.microsoft.com/visualstudio/code-quality/ca2016",
"properties": {
"category": "Reliability",
"isEnabledByDefault": true,
"typeName": "CSharpForwardCancellationTokenToInvocationsAnalyzer",
"languages": [
"C#"
],
"tags": [
"Telemetry"
]
}
}
}
},
Expand Down Expand Up @@ -4700,6 +4851,24 @@
"Telemetry"
]
}
},
"CA2016": {
"id": "CA2016",
"shortDescription": "Forward the 'CancellationToken' parameter to methods that take one",
"fullDescription": "Forward the 'CancellationToken' parameter to methods that take one to ensure the operation cancellation notifications gets properly propagated, or pass in 'CancellationToken.None' explicitly to indicate intentionally not propagating the token.",
"defaultLevel": "warning",
"helpUri": "https://docs.microsoft.com/visualstudio/code-quality/ca2016",
"properties": {
"category": "Reliability",
"isEnabledByDefault": true,
"typeName": "BasicForwardCancellationTokenToInvocationsAnalyzer",
"languages": [
"Visual Basic"
],
"tags": [
"Telemetry"
]
}
}
}
},
Expand Down
Loading

0 comments on commit 303d517

Please sign in to comment.